III. REMARKS 

By this amendment, claims 1, 5 and 13 have been amended and claims 21 and 22 have 
been canceled. As a result, claims 1, 2, 4-6, 8-15, 18-20 and 24 remain pending in this 
application. Applicants do not acquiesce in the correctness of the rejections and reserve the right 
to present specific arguments regarding any rejected claims not specifically addressed. Further, 
Applicants reserve the right to pursue the fiiU scope of the subject matter of the original claims in 
a subsequent patent application that claims priority to the instant application. Reconsideration in 
view of the following remarks is respectfiiUy requested. 

Initially, Applicants thank the Examiner for the telephone interview of November 20, 
2008, with their representative. Hunter E. Webb. No proposed amendment was submitted in 
advance of the interview. In the interview. Applicant's representative discussed features of the 
claimed invention that Applicants assert are not disclosed by the cited references, including the 
"message types" and "execution program set" of the claimed invention. The Examiner 
recommended that Applicants fiirther define these terms within the claims and incorporate the 
material of claims 21 and 22 within the independent claims, which Applicants have done via this 
response. No agreement was reached. 

In the Office Action, claims 13-15 and 18-20 have been rejected under 35 U.S.C. §101. 
By this amendment, claim 13 has been amended to link the at least one computing device with 
the other elements of the claim, thus obviating the possibility that the security control apparatus 
could be fimctional descriptive material. In view of the foregoing. Applicants request withdrawal 
of the §101 rejection. 
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In the Office Action, claims 1, 2, 4-6, 8-15, 18-22 and 24 are rejected under 35 U.S.C. 
§ 103(a) as allegedly being anticipated by Reshef et al. (U.S. Patent No. 6,584,569), hereafter 
"Reshef," in view of Steele et al. (US Pub. No. 2003/0191737) (hereafter Steel) and further in 
view of Wagner (U.S. Patent No. 6,085,224), hereafter "Wagner." 

Applicants assert that the references cited by the Office do not teach or suggest each and 
every feature of the claimed invention. For example, with respect to independent claims 1, 5 and 
13, Applicants submit that the cited references fail to teach or suggest "receiving an identification 
of an execution program set to be used to process said message received, the execution program 
set being a set of routines that incorporate data entered by a user in a particular execution page 
into a database query for a particular database." Claim 1, similarly claimed in claims 5 and 13. 
In contrast, Reshef discloses a system that generates mutations to mimic potential security 
vulnerabilities. The Office cites to col. 10, table 1, lines 26-61 and col. 9, lines 32-58 to disclose 
the above elements. However, a carefiil review of the sections of Reshef cited by the Office 
reveals that Reshef describes a number of mutation rules to be implemented based on the 
potential security vulnerability. These mutation rules are used to generate mutated requests or 
exploits for use in an attack stage to test the vulnerability of the system. These mutations are 
listed in the table. However, Reshef does not disclose that an execution program set that is a set 
of routines that incorporate data entered by a user in a particular execution page into a database 
query for a particular database or that its mutation rules are based thereon. Rather, in Reshef, 
there is no program set identified that would be used to process the message, only mutation rules 
used to generate mutated requests or exploits (AttackList) to test security vulnerabilities. Neither 
Steele nor Wagner overcomes this deficiency. Wagner scans for trigger events defined by event 
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configuration data and generates a response having event indicators, but provides no details of 
how the trigger events are identified. Col. 16, lines 54-55. In view of the foregoing. Applicants 
request withdrawal of the rejection. 

With further respect to independent claims 1, 5 and 13, Applicants submit that the cited 
references fail to teach or suggest "retrieving an identification of all message types associated 
with said execution program set, wherein the message types are based on a structure of elements 
in a database query and are chosen from the group consisting of: single token; string; multiple 
tokens without keywords: OR, UNION and SEMI-COLON; multiple tokens without keywords: 
UNION and SEMI-COLON; multiple tokens without keywords: SEMI-COLON; and multiple 
tokens without restriction." Claim 1, similarly claimed in claims 5 and 13. To this extent, in 
contrast to Reshef, the message types of the claimed invention are expected formats of a 
messages used with the program set which have particular structure. Based on this information, 
the claimed invention examines the "message received by said server in relation to said message 
types associated with said execution program set; and determine[es] if said message received by 
said server contains an unauthorized element." In contrast, as stated above, Reshef discloses a 
system that generates mutations to mimic potential security vulnerabilities. As such, the 
mutation rules of Reshef are used to generate mutated requests or exploits for use in an attack 
stage to test the vulnerability of the system. To this extent, the mutation rules of Reshef are not 
based on the structure of a database query and do not contain the specific elements of the 
message types of the claimed invention. Neither Steele nor Wagner overcomes this deficiency. 
In view of the foregoing. Applicants request withdrawal of the rejection. 
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With still further respect to independent claims 1, 5 and 13, Applicants submit that the 
cited references fail to teach or suggest examining the message received from the to determine if 
it contains one or more unauthorized elements. Claim 1, similarly claimed in claims 5 and 13. 
In contrast, Reshef discloses intercepting a valid message flowing between a client browser and a 
web server and mutating the message to form slightly altered versions of the valid message that 
are then used to test for vulnerabilities in the web server. As such, the original message of 
Reshef is a valid message and is not tested for validity or denied if invalid, but rather is used as a 
template to create invalid messages. To this extent, Reshef does not test the original message for 
unauthorized elements in an attempt to determine whether this particular message is valid. 
Neither Steele nor Wagner overcomes this deficiency. In view of the foregoing. Applicants 
request withdrawal of the rejection. 

With regard to the Office's other arguments regarding dependent claims, Applicants 
herein incorporate the arguments presented above with respect to the independent claims listed 
above. In addition. Applicants submit that all dependant claims are allowable based on their own 
distinct features. However, for brevity. Applicants will forego addressing each of these 
rejections individually, but reserves the right to do so should it become necessary. Accordingly, 
Applicants respectfully request that the Office withdraw its rejection. 

IV. CONCLUSION 

In addition to the above arguments. Applicants submit that each of the pending claims is 
patentable for one or more additional unique features. To this extent, Applicants do not 
acquiesce to the Office's interpretation of the claimed subject matter or the references used in 
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rejecting the claimed subject matter. Additionally, Applicants do not acquiesce to the Office's 

combinations and modifications of the various references or the motives cited for such 
combinations and modifications. These features and the appropriateness of the Office's 
combinations and modifications have not been separately addressed herein for brevity. However, 
Applicants reserve the right to present such arguments in a later response should one be 
necessary. 

In light of the above. Applicants respectfully submit that all claims are in condition for 
allowance. Should the Examiner require anything further to place the application in better 
condition for allowance, the Examiner is invited to contact Applicants' undersigned 
representative at the number listed below. 

Respectfully submitted, 
/Hunter E. Webb/ 
Hunter E. Webb 

Date: February 18, 2009 Reg. No.: 54,593 

Hoffman Wamick LLC 
75 State Street, 14'^ Floor 
Albany, New York 12207 
(518) 449-0044 
(518) 449-0047 (fax) 
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